Transactional Emails

Password Reset Email Message Examples + Deliverability Tips

EmailLabs Team, 17 July 2023

The password reset email is one of the most commonly received emails today. Building a software application without incorporating an email notification for forgotten passwords is virtually impossible.

source: statista

However, the very prevalence of password reset emails makes their design and content challenging. These emails are so commonplace that they’re often overlooked. But subtle nuances can significantly impact their effectiveness, making them either user-friendly and convenient or confusing and frustrating.

The process of restoring an account necessitates a delicate balancing act between ensuring password security and maintaining usability.

Similar to how one wouldn’t leave a spare key under the doormat, a password reset email shouldn’t be an easy gateway for unauthorized individuals to hijack an account. On the other hand, a password reset email is a valuable opportunity for positive customer interaction.

Below, we list the best practices for sending password reset emails and share some excellent deliverability tips to help you reach your customers.

What Is a Password Reset Email?

A password reset email is a type of transactional email that is automatically triggered when a user clicks on a “Forgot password?” link. It’s a vital component of the account recovery process, which allows users to reset their passwords and regain access to their accounts.

This email typically includes essential information, such as instructions on how to reset the password and a link to the service’s reset password web page. The link provided in the email leads the user to a secure web page where they can enter a new password for their account.

Password reset emails are crucial to account security, as they provide a way for users to verify their identity and ensure that only they can reset their passwords. It helps prevent unauthorized access to their account by would-be attackers.

CyberLabs #2 – Password security, the reason why you should create strong passwords

As such, password reset emails must be designed with security and usability in mind. They should use clear and concise language to guide the user through the process of resetting their password and provide a secure and easy-to-use mechanism for updating their account details.

This is how the password reset email sent by EmailLabs looks like.

8 Best Practices for Password Reset Emails

By providing users with a clear and effective password reset email, service providers can ensure that their users can easily reset their passwords, enhance the overall user experience, and maintain the security of their accounts.

Here are the best practices to follow while creating password reset emails.

Maximize your email deliverability and security with EmailLabs!

Land in the Inbox Immediately

When customers ask for a password reset, they require access to their accounts as quickly as possible. It means the speed at which they receive the password reset email can significantly impact their experience.

To ensure that the password reset email arrives immediately, optimizing your email deliverability is crucial. It involves using a trusted email service provider designed to deliver emails at peak performance. You should send emails from a domain with a good reputation and complete DKIM, SPF (and ideally also with DMARC) records for email authentication.

What Is DMARC?

To achieve this, it’s important to work with a reliable email service provider that has the expertise and infrastructure to deliver emails quickly and reliably — like us, EmailLabs. Doing so can help to ensure that the password reset email arrives in the recipient’s inbox as soon as possible, reducing the chance of delays that could impact their experience.

Ideally, the email should land in the recipient’s inbox right after they make a request — like in the example below.

Ideally, the email should arrive in the recipient’s inbox as soon as the recipient makes the request – as in the example above.

Ensuring that your password reset emails are delivered to your customers’ inboxes is crucial for providing a seamless and hassle-free password reset process.

By prioritizing email deliverability and working with a reputable email service provider, you can ensure your users receive the password reset email as quickly and efficiently as possible.

Equally important when it comes to categorizing messages – it is worth betting on a server dedicated to transactional traffic. Sending emails from a shared IP may end up with the email going to the “Promotions” tab.

The “Offers” or “Promotions” tab is a folder in your customers’ main inbox – however – it is not a folder that opens by default right after logging in. Therefore, there is a risk that your subscribers will not see a message that goes to the “Offers” folder or will read it late.

Keep It Simple

As mentioned before, when it comes to a password reset request, people expect the process to be quick and straightforward. As such, the password reset email should be concise and get straight to the point.

Users generally don’t want to spend more time than necessary on account recovery. A long, complex email can be seen as a roadblock that prevents them from completing the task.

Instead, password reset emails should be kept short and easy to read, providing only the essential information that users need to reset their passwords and regain access to their accounts.

The email should be written in clear and simple language that is easy to understand. It should also include explicit instructions on how to reset the password, along with a link to the password reset web page.

The following example perfectly demonstrates this concept. It includes a brief explanation and a clear “Reset your password” button.

Include the Link to Reset the Password

The link to reset the password is the most important part of the password reset email. Because of that, it’s essential to ensure that the link is clearly visible and easy to click, as this will make it as simple as possible for the user to access the password reset page.

To make the process as smooth as possible, it’s best to use the HREF attribute of a link rather than embedding the password reset link directly in the email. This is because the URL for the password reset page is often quite long and complex, and embedding it directly in the email can make it difficult to click or copy and paste. It may also cause some email programs to consider the message as phishing.

CyberLabs #1 – Phishing being one of the most popular cyber threats

Using the HREF attribute of a link, you can make the password reset link more prominent and visible, making it easier for users to find and click. It can help ensure that the password reset process is as smooth and straightforward as possible, minimizing any frustration or confusion that users might experience.

How to use the HREF attribute correctly.

Identify Your Company

When resetting a password, you must ensure that the email you send is secure and legitimate. If the email comes from an unfamiliar sender name or address, it’s natural for recipients to assume that it might be spam or a phishing attempt.

To build trust and reassure recipients, it’s vital to identify your company in the sender’s name and address. Additionally, including your logo at the top of the email can help reinforce your brand identity and provide a visual cue that the email is from a legitimate source.

For example, in the password reset email from Evernote, the sender’s name is clearly identified as Evernote, and the email address is [email protected].com

The email also prominently features the Evernote logo at the top. All these elements make it clear that the email is from Evernote and helps reassure the recipient that it is safe to open the email and click on the password reset link.

Remember – you build customer’s trust by showing your brand. Posting a logo or using colors attributed to your brand can significantly affect this.

Refrain From Adding Marketing Material

Including marketing material in transactional emails can confuse Inbox Service Providers (ISPs) and cause them to flag the email as a marketing email. This situation increases the likelihood that the email will end up in the recipient’s spam folder rather than their inbox.

Consequently, it’s crucial to keep transactional emails focused solely on their intended purpose and avoid including any marketing messages or material.

Patreon password reset email sets a good example by being concise and easily readable.

Patreon opted for short content and a prominent orange button.

Use One Main CTA

When resetting a password, there’s nothing more frustrating than encountering obstacles or distractions along the way. That’s why it’s essential to provide users with password resets email that is clear, straightforward, and easy to use.

The best password reset emails typically feature a single, prominent call-to-action (CTA) button or link that leads the user directly to the reset password page. It ensures that users can complete the process without being distracted by other options or confusing messages.

Whether the user is in a rush or simply looking for a hassle-free experience, a clear and straightforward password reset email can make all the difference. By providing a simple and easy-to-use CTA, you can help users get back to their accounts quickly and efficiently.

In some cases, including a copyable reset password URL in addition to the CTA button or link may be helpful. Doing so can be especially useful if the user cannot click through to the browser or encounter any other technical difficulties.

For example, you can follow in Etsy’s footsteps and add the link below the “Reset Your Password” button to give your customers an additional option to restore control of their accounts.

Etsy made sure to include not only a CTA button but also provided a direct link to the password change page.

Ultimately, the goal of a password reset email is to provide users with a positive and secure experience while ensuring that their account information is protected. By prioritizing simplicity and clarity, you can achieve this goal and build trust and loyalty with your users.

Send Both HTML and Plain Text Emails

To ensure that password reset emails reach the widest possible audience, sending both an HTML and plain text version of the email is critical. Doing this can improve the delivery rate, as spam filters often view HTML-only emails as a potential red flag.

Providing both versions of the email ensures that users can access the content in a format that works best for them, whether they prefer to view the email in HTML or plain text. It can improve the overall user experience, as well as the security and accessibility of the email.

The password reset email from Airbnb provides an outstanding example of how to include both an HTML and plain text version of the email. By giving both versions, Airbnb ensures that users can access the email and reset link regardless of their email client or preferences and can reset their password quickly and easily.

HTML version

The HTML version includes colourful elements and varied fonts.

Plain text version

The plain text version ensures that the user will be able to read the message on any device without trouble.

Include a Way To Help

It’s crucial to reassure your customers that they have control over their accounts. For that reason, your password reset email should make it clear that users can opt to do nothing if they did not request a password change and that they can always contact support if they have any questions or concerns.

One example of a company that does this well is Society6, a home decor site. Their password reset link email not only provides clear instructions on resetting the password but also includes a reassuring message that users can choose not to change their password if they did not initiate the request.

By including this message, Society6 is sending a signal of trust to its users. It shows that the company takes security and privacy seriously and is committed to providing a transparent and user-friendly experience.

In addition to this message, Society6 also encourages users to contact support if they have any questions or issues. This further reinforces the company’s commitment to providing excellent customer service and support and can help to build trust and loyalty with its users.

Society6 password reset message containing the “Contact Us” button.

Password Reset Best Practices Checklist

Creating a password reset email that is user-friendly, secure, and effective is no small feat. To help ensure that your email hits all the right notes, we’ve put together a handy checklist of best practices to follow.

    1. Make sure that your email deliverability is top-notch. You want to ensure your email lands in the recipient’s inbox as quickly as possible.
    2. Keep it simple. A clear and straightforward email will help users quickly find their password reset link without any added fuss.
    3. To ensure that users know your email is legitimate, make your email easily identifiable with clear headers, subject lines, and sending email addresses.
    4. Use one main call-to-action (CTA) to ensure that recipients can quickly and easily identify where they need to click.
    5. If a recipient’s email address is not associated with an account, send them a follow-up password reset request.
    6. Remember that password reset emails don’t have to be boring! Adding a sprinkle of your brand’s personality can help recipients feel more connected to your company.
    7. At the same time, keep marketing to a minimum and only add additional messaging where relevant.
    8. Be sure to send both HTML and text emails so that recipients can access the email in the format that works best for them.
    9. Don’t forget to include support information. This way, recipients know where to turn if they need help or have questions.
    10. Finally, regularly update and test your password reset emails to ensure they are still effective and performing as intended.

Maximize your email deliverability and security with EmailLabs!

How to Make Sure Your Password Reset Emails Are Secure

Regarding password resets, there’s a fine line between ensuring security and providing a user-friendly experience.

On the one hand, you want to give users enough information to initiate a password reset. But on the other, you don’t want to make it too easy for hackers to gain access to sensitive information.

One effective way to maintain security is to never confirm or deny the existence of an account with a given email or username. Yet, it can create confusion and frustration for users who are unsure whether their account actually exists.

To address this challenge, a simple solution is to always send an email to the email address provided, regardless of whether the user exists or not. This way, the confirmation message displayed on the web page simply states, “an email has been sent to the provided email address with further instructions.”

If the user exists, you send the standard password reset email with a URL and instructions. If the user doesn’t exist, you send a different email explaining that the user account was not found and suggesting they try a different email address.

While this approach may not provide immediate feedback on the web page, it ensures that no one other than the email address owner can identify a list of user accounts for a given service. The owner of the email address will be the only one to receive any details about the password, and anyone looking to uncover existing users will always receive the same message and never know whether the account exists or not.

Following this approach allows you to strike the right balance between security and usability and provide a seamless password reset experience for your users.

3 Password Reset Email Deliverability Recommendations

The last thing you want is for your password reset email to end up in the spam folder or be blocked altogether. After all, if your customers can’t access your email, how are they supposed to access their account?

You can do a few things to ensure your password reset email makes it to the inbox.

First, consider sending your email from a dedicated IP address. It will allow you to maintain a strong sending reputation and avoid being affected by the practices of other senders.

Second, it can be helpful to separate your mail streams for marketing and promotional emails from transactional emails. By closely monitoring the mail stream for login credentials, you can ensure that you are experiencing high delivery rates.

Finally, refrain from adding marketing material to your transactional emails. ISPs can easily become confused by marketing material in transactional emails, making your email more likely to land in the spam folder.

The Bottom Line

Password reset emails may seem like mundane and functional emails, but they actually offer a perfect opportunity to showcase your brand’s personality, build stronger relationships with your customers, and drive conversions.

While it’s easy to overlook the potential of password reset emails, a closer look reveals a wealth of possibilities. By infusing your password reset emails with your brand’s unique voice and tone, you can make a lasting impression on your customers and reinforce your brand identity.

Additionally, password reset emails offer an opportunity to engage further with your customers and drive conversions. Including relevant calls to action or information about your products or services can encourage customers to explore your offerings further.

Ready to start sending? Sign up for a free EmailLabs account today and transform your password reset emails for better deliverability and classification of transactional emails that help you build stronger relationships with your customers and drive business growth!

Create an account with EmailLabs today

Increase the deliverability of your newsletters and effectively reach your users!

Most popular

Latest blog posts